You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@cloudstack.apache.org by Harikrishna Patnala <ha...@citrix.com> on 2012/11/20 10:32:37 UTC
Using POST requests instead of GET for the commands containing
password
Some commands include password parameter in the query string like when adding the external resources or hosts or cluster.
Since all of our API is GET, all parameters are present in the query string and are getting logged.
Is it better to change these specific requests into POST ?
Thanks
RE: Using POST requests instead of GET for the commands containing
password
Posted by Pranav Saxena <pr...@citrix.com>.
We are planning to fix it for the next release.
Regards,
Pranav
-----Original Message-----
From: Koushik Das [mailto:koushik.das@citrix.com]
Sent: Tuesday, November 20, 2012 3:38 PM
To: cloudstack-dev@incubator.apache.org
Subject: RE: Using POST requests instead of GET for the commands containing password
This was already discussed earlier http://mail-archives.apache.org/mod_mbox/incubator-cloudstack-dev/201207.mbox/%3c2529883E7B666F4E8F21F85AADA43CA70100E883AD41@BANPMAILBOX01.citrite.net%3e
The UI needs to be fixed for all such API calls that has password as parameter. There was already an issue in the old JIRA (refer old thread for bug ID), needs to be cloned if not present in apache JIRA.
-Koushik
-----Original Message-----
From: Harikrishna Patnala [mailto:harikrishna.patnala@citrix.com]
Sent: Tuesday, November 20, 2012 3:03 PM
To: cloudstack-dev@incubator.apache.org
Subject: Using POST requests instead of GET for the commands containing password
Some commands include password parameter in the query string like when adding the external resources or hosts or cluster.
Since all of our API is GET, all parameters are present in the query string and are getting logged.
Is it better to change these specific requests into POST ?
Thanks
RE: Using POST requests instead of GET for the commands containing
password
Posted by Koushik Das <ko...@citrix.com>.
This was already discussed earlier http://mail-archives.apache.org/mod_mbox/incubator-cloudstack-dev/201207.mbox/%3c2529883E7B666F4E8F21F85AADA43CA70100E883AD41@BANPMAILBOX01.citrite.net%3e
The UI needs to be fixed for all such API calls that has password as parameter. There was already an issue in the old JIRA (refer old thread for bug ID), needs to be cloned if not present in apache JIRA.
-Koushik
-----Original Message-----
From: Harikrishna Patnala [mailto:harikrishna.patnala@citrix.com]
Sent: Tuesday, November 20, 2012 3:03 PM
To: cloudstack-dev@incubator.apache.org
Subject: Using POST requests instead of GET for the commands containing password
Some commands include password parameter in the query string like when adding the external resources or hosts or cluster.
Since all of our API is GET, all parameters are present in the query string and are getting logged.
Is it better to change these specific requests into POST ?
Thanks